Upload
crystal-johnson
View
214
Download
0
Embed Size (px)
Citation preview
8/10/2019 Audit_Chapter 2.docx
1/9
1
Introduction
Until 2002, the accounting profession was self-regulated; the standards governing audits were
established by members of the profession themselves (through theAmerican Institute of
Certified Public Accountants, or AICPA)
As a result of audit failures to Enron and WorldCom, Congress passed the Sarbanes-Oxley Act of
2002
o Among other reforms, this act created the Public Company Accounting Oversight Board
(PCAOB) to provide external and independent oversight over the audits of public entities
o A public entityis one who offers registered securities, such as stocks and bonds, for sale to
the general public
o The PCAOB is mainly responsible for registering public accounting firms, establishing
standards for audit engagements, and inspecting the quality of audits conducted by
registered public accounting firms
PCAOB has met a lot of controversy, including criticisms of the increased costs for
public companies of complying with the PCAOBs standards related to internal
control, as well as their inspection process
Firms have filed a lawsuit challenging the constitutionality of the PCAOB based onboth the process through which members of the PCAOB are appointed as well as the
powers held by those members
Generally Accepted Auditing Standards (GAAS)
The AICPA first developed standards that served as the basis for audits of both public and
nonpublic entities
o 1972-present, AICPAsAuditing Standards Boardissues the Statements on Auditing
Standards(SASs) to provide guidance for the conduct of audits
o The PCAOB issuesAuditing Standards, which are subject to the formal approval of the SEC
The authorization for developing standards for the audit of public entities belongs
to the PCAOB, while the authorization for developing standards to nonpublic
continues to remain with the Auditing Standards Board of the AICPA
Together, the pronouncements of the AICPA and PCOAB are collectively referred to as generally
accepted auditing standards (GAAS)
o GAAS are auditing standards that identify the necessary qualifications and characteristics
of auditors and guide the conduct of the audit examination
o The purpose of GAAS is to meet the objectives of an audit examination, which are:
To obtain reasonable assurance about whether the financial statements as a whole
are free of material misstatement, whether due to fraud or error, thereby enabling
auditors to express an opinion on whether the statements are presented fairly in allmaterial respects in accordance to applicable financial framework
And, to report on the financial statements, and communicate as required by GAAS, in
accordance with the auditors findings
Generally, auditors that dont follow guidance provided by GAAS are presumed to have performed
deficient audits
8/10/2019 Audit_Chapter 2.docx
2/9
2
o Auditing standards can be unconditionally required(auditors must fully comply with the
provisions or standards), orpresumptively mandatory required (auditors can depart from
standards under certain circumstance and with appropriate documentation)
More auditing literature: Interpretive publications
o This includesAICPA Audit and Accounting Guides, andAICA Auditing Statements and
Positionsprovide application of GAAS in specific circumstances and for certain
industries
o
These are less authoritative than SASs and Auditing Standards but auditors must still
justify any departure from these publications
In sum, GAAS:
o (1) Fundamental Principles (guide general conduct of audit engagements)(2) PCAOB
Auditing StandardsandASB Statements on Auditing Standards(both provide support to
fundamental principles);can also include (3) the Interpretive publications(provide
further guidance on application of GAS)
Auditing Standards vs. Auditing procedurestwo different things
o Audit proceduresare the specialized actions auditors take to obtain evidence in a specific
audit engagementthey are usually situation-specific: depend on the industry, the type ofentity, the complexity of the accounting system, etc.
o Auditing Standards are quality guides to the audit that apply to all audits
Hence, auditors reports refer to an audit conducted in accordance with standards
of PCAOB
We have special auditing standards for governmental and foreign entities
o A firm that audits public and private entities throughout the world may be subject to
multiple and sometimes conflicting standards issued by the ASB, PCAOB, and IAASB
Having multiple sets of standards for the audits of different entities is a current
challenge
Auditors and regulators have a great interest in convergence making the
standards coordinated throughout the world
International Standards on Auditing (ISAs)are the first step in the development of
one consistent set of guidelines that auditors worldwide can follow
Public entities Nonpublic Governmental Foreign
Rule-making body PCAOB AICPA- Auditing
Standards Board
(ASB)
U.S. Government
Accountability
Office (GAO)
IFAC -
International
Auditing and
Assurance
Standards Board(IAASB)
Standards Auditing
Standards (ASs)
Statements on
Auditing
Standards (SASs)
Government
Auditing
Standards (The
Yellow Book)
International
Standards on
Auditing (ISAs)
Website www.pcaobus.corg www.aicpa.org www.goa.gov www.ifac.org
http://www.pcaobus.corg/http://www.pcaobus.corg/http://www.aicpa.org/http://www.aicpa.org/http://www.goa.gov/http://www.goa.gov/http://www.ifac.org/http://www.ifac.org/http://www.ifac.org/http://www.goa.gov/http://www.aicpa.org/http://www.pcaobus.corg/8/10/2019 Audit_Chapter 2.docx
3/9
3
Organization of GAAS
Body of GAAS emerged from 10 basic standards that were classified into three major categories:
o General standards
o Standards of field work
o Standards of reporting
ASB made an Exposure Draft and identified three fundamental principles very similar to the 10
basic standards underlying an audit
o
These are related to the: responsibilities of the audit team,performance of the audit, and
reporting the results of the engagement
o Exhibit 2.1 (pg. 41) compares the 10 basic standards to the 3 fundamental principles of ASB
Comparison of AICPA GAAS with ASB Fundamental Principles
10 Basic Standards Responsibilities Principles
General Standards Auditors responsible for:
1. Competence and capabilities; 2. Complying with eth
requirements (independence and due care); 3. Profes
skepticism and professional judgment
1. Training and proficiency
2. Independence in mental attitude
3. Due professional care in audit and report
Standards of Field Work Performance Principle1. Planning and supervision To obtain reasonable assurance:
1.Plan work and supervise assistants; 2. Determine an
apply appropriate materiality levels; 3. Identify and as
risk of material misstatements; 4.Obtain sufficient evi
2. Understand entity and its environment to asses
risk of material misstatement
3. Obtain sufficient evidence
Standards of Reporting Reporting Principle
1. F/S in accordance with GAAP Based on evidence obtained, auditor:
1. Expresses an opinion or states that an opinion can't
expressed; 2. Opinion is based on conformity of financ
statements with applicable financial reporting framew
1. GAAP is applied consistently (only report if it was
not applied consistently)
3.Adequacy of disclosures (only report if inadequate)
4. Express of disclaim an opinion
The fundamental principles closely parallel the definition of auditing
o Responsibilities principledefines objectivity and identifies auditors role
o Performance principlerequires auditors to plan their work (systematic process) and to
obtain and evaluate evidence through assessing the risk of material misstatement and
gathering sufficient evidence
o Reporting principleprovides guidance for communicating results of the audit about
whether financial statements prepared using established criteria
Fundamental Principle: Responsibilities
Fundamental principle of responsibilities relates to personal integrity and professional
qualification of auditors; it includes:
o Having appropriate competence and capabilities to perform audit
o Complying with relevant ethical requirements : independence and due care
o Maintaining prof. skepticism and using professional judgment throughout the audit
Most points relating to responsibilities principle are addressed before firm accepts a client
o However, Prof. skepticism and prof. judgment must be exercised throughout entire audit
engagement
8/10/2019 Audit_Chapter 2.docx
4/9
4
Stages of an Audit (see page 42 for chart)
1. Obtain (or retain) engagement
Responsibilities in this stage:
o Competence and capabilities
o Relevant ethical requirements (independence and due care)
2. Engagement Planning
3. Risk Assessment
4. Audit Evidence
5. Reporting
Competence and Capabilities
The competence and capabilities component of responsibilities principle has two elements:
education and expertise/experience
o Education: auditors are experts in accounting standards, financial reporting and auditing
In addition to university-level education, auditors are also required to participate in
continuing professional educationthroughout their careers to keep pace with
changes in accounting profession*Continuing professional education is a requirement for maintaining CPA
o Experience: gained through hands-on practice and on-the-job training
Includes the ability to develop and apply professional judgment during audits
Judgments relate to gathering evidence on fairness of financial statements,
evaluating evidence against GAAP, etc.
Independence and Due Care
Responsibilities principle requires auditors to comply with appropriate ethical requirements
o Two specific ethical requirements we must know: independenceand due care
Auditors must maintain independence in mental attitude: they are expected to be unbiased and
impartial with respect to information they audit
o This state of mind and impartiality with respect to a client is also called independence in
fact
Auditors must also appear unbiased; independence in appearanceis the extent to which others
(particularly financial statement users) perceive auditors to be independent
o Example: if an auditor owns shares of a clients stock, third-party users would not perceive
the auditor to be independent (even though the mental attitude of the auditor is impartial)
The concept of independence has evolved over time SEC has issued rules that prohibit audits
from providing financial systems implementation and audit services to their clients; and all non-
audit work must be approved by audit committee before taken up
o SOX has imposed more restrictions (see page 43 for details on restrictions)
Two major threats to independence exist:
o 1. Financial relationships, such as owning shares of stock in a client or having a loan
outstanding to/from a client
o 2. Managerial relationships, such as the ability to act in a decision-making capacity on
behalf of a client or to provide advice on information that will be audited
Responsibilities for these stages include:
Professional skepticism and professional judgment Due care
8/10/2019 Audit_Chapter 2.docx
5/9
5
Independence must be guardedgeneral public will grant professional status to an auditor only
as long as they are perceived to be independent
Second ethical requirement: due care
o Due carereflects a level of performance that would be exercises by reasonable auditors in
a similar circumstance; auditors are expected to possess the skills and knowledge of others
in their profession and are not expected to be infallible
This aspect relates to the competence and capabilities of the auditor to perform the
engagement and issue appropriate reports
One specific element of due care is performing the audit with appropriate level of
professional skepticism
Professional Skepticism and Professional Judgment
Both professional skepticism and professional judgment are required throughout the entire audit
process
Professional skepticismis a state of mind characterized by appropriate questioning and a
critical assessment of audit evidence; Auditors consider:
o Contradictory evidence obtained through different procedures
o
Reliability of documentary evidenceo Reliability of information obtained from management and those in charged of the entity
(audit committee)
Professional judgmentis the application of relevant training, knowledge, and experience in
making informed decisions about appropriate courses of action during the audit engagement
o These judgments relate to the evidence obtained during the audit and the conclusions
reached
Professional judgment is exercised through gathering, evaluating and drawing
conclusions on the evidence
o Auditors are required to carefully document their professional judgment in a way such that
experienced auditors with no previous relationship to the audit can understand the
judgments and conclusions made
Fundamental Principle: Performance
Fundamental principle ofperformance sets for the quality for conducting an audit
o Performance is also highly influenced by the need for prof. skepticism and prof. judgment
The performance principle states:
o To express an opinion, the auditor obtains reasonable assurance about whether the
financial statements are free from material misstatements, whether due to fraud/error. To
obtain reasonable assurance (high, but not absolute assurance), the audit must:
Plan the work and supervise assistants
Determine appropriate materiality level throughout the audit
Assess risk of material misstatement, whether due to fraud or error, based on
understanding the entity/its environment, and its internal control
Obtain sufficient audit evidence about whether material misstatements exist,
through implementing appropriate responses to assessed risks
8/10/2019 Audit_Chapter 2.docx
6/9
6
Basically, performance principle contains five elements: (1) reasonable assurance, (2) planning
and supervision, (3) materiality, (4) risk assessment, and (5) audit evidence
Reasonable Assurance
Reasonable assurance recognized that a GAAS audit may not detect all material misstatements and
that auditors are not insurers or guarantors regarding the fairness of the entitys financial
statements
o Auditors are expected to provide a high level of assurance about their work (not absolute
assurance)
o Reasonable assurance is provided by assessing various risks relating to the likelihood of
material misstatement in financial statements and performing audit procedures to control
the risk to a low level
Why cant GAAS audits achieve absolute assurance? Some limitations:
o Auditors are not infallible
o The nature of financial reporting is such that certain aspects of this process are subject to
management judgment and estimates (useful lives for depreciation, etc.)
o Audit procedures cant always detect misstatements
o
Due to time constrains, auditors only evaluate a sample of transactions/components*Despite these limitations, the concept of reasonable assurance does require auditors to
reduce the risk of failing to detect a material misstatement to a low level
Planning and Supervision
After obtaining/retaining an engagement, the next step is planning; it includes:
o (1) Preparing an audit and supervising and audit work
o (2) Obtaining knowledge of clients business
o (3) Dealing with differences of opinion among the accounting firms personnel
GAAS requires a written audit plana list of the audit procedures auditors need to perform to
gather sufficient appropriate evidence on which to base their opinion on the financial statements
Auditors must obtain an understanding of the clients business and industry
o This helps auditors identify areas for special attention (accounts or transactions where
fraud may exist), evaluate the reasonableness of accounting estimates, and make
judgments about managements choices among accounting principles
Timing is extremely important for audit planningin order to have enough time to plan an audit,
auditors need to be engaged before the fiscal year end (known as the date of the financial
statements)
o More advance notice allows more time for planning
o The audit team may also be able to perform part of the audit at an interim datea date that
is weeks or months before year-end, and thereby make the rest of the audit work more
efficient
January 1 November 10 December 31
Evaluate activity from Jan 1-Nov 10
Planning and Interim Work Evaluate activity from Nov 10 Dec 31Normal Year-End Work
8/10/2019 Audit_Chapter 2.docx
7/9
7
Materiality
Materiality, as it relates to financial reporting, is the dollar amount that would influence the
lending or investing decisions of financial statement users
Materiality is recognized as part of the objective of an audit, which is to obtain reasonable
assurance about whether the financial statements as a whole are free of material misstatement
o Auditors are not responsible for detecting misstatements that are not material
The audit team considers materiality in planning the audit, performing the audit, and evaluating
the effect of misstatements on financial statements
However, auditors must consider qualitative materiality - a small misstatement with large
consequences
Risk Assessment
The risk assessment processrequires an understanding of the client, its operating environment,
and its industry, including its internal controls
Internal controlis defined as the policies and procedures implemented by an entity to
prevent/detect material accounting fraud/error and provide for their correction in a timely basis
Auditors assess the risk of material misstatement, the combined probability that a material
misstatement (error or fraud) will occur [inherent risk] and the probability that a material
misstatement (error or fraud) will not be prevented or detected on a timely basis [control risk]
by the entitys internal controlso Basically, risk of material misstatement is the likelihood that an error/fraud will exist in
the F/S prior to the auditors work
The primary purpose of assessing the risk of material misstatement is to help auditors determine
the nature, timing, and extent of audit proceduresnecessary to gather evidence about the fairness
of the financial statements
Process of risk assessment includes two relationships:
o 1. Effective internal control Lower level of control risk Allows auditors to evaluate
less evidence and use less effective substantive procedures
o 2. Ineffective internal control Higher level of control risk Requires that auditors
evaluate more evidence and use more effective procedures
Auditors responsibility to report on the effectiveness of an entitys internal controls for publicentities exceeds that for the audit of a nonpublic entity
Audit Evidence
Final element of performance principle is collecting and evaluating evidence to provide the
opinion
o Evidencethe information used by auditors in arriving at the conclusions on which the
audit opinion is based and includes the underlying accounting data and all available
corroborating data
Substantive proceduresare the methods used by auditors to evaluate evidence following the risk
assessment
The performance principle requires auditors to gain persuasive evidence; persuasiveness is an
overall ability of evidence to support the auditors opinion Persuasive evidence relies on both sufficiencyand appropriateness
Appropriateness relates to evidence quality, sufficiency relates to evidence quantity
o Appropriateevidence must be relevant and reliable
Relevancerefers to the nature of information provided by the audit evidence
relates to the quality of evidence; operationalized through management assertions
Reliabilityrefers to the extent of trust auditors place in evidence Evidence that is
reliable is high quality
8/10/2019 Audit_Chapter 2.docx
8/9
8
Reliable evidence also depends on sources: in evaluating potential sources of
evidence, auditors consider the hierarchy of audit evidence quality
1. Direct, personal knowledgeof auditor obtained throughphysical
observationand mathematical computationdone by auditor; this is
considered the most reliable evidence
2.External documentary evidence: documentary evidence obtained
directly from external sources; generally considered reliable, but knowledge
and objectivity of sources must be considered
3. External-Internal evidence: documentary evidence that originated
outside the clients information system but has been processed by the client;considered reliable when internal controls are strong but less reliable than
external evidence
4. Internal evidence: documents produced and stored within the clients
information system; considered low in reliability, but used extensively when
produced under satisfactory internal control conditions
5. Verbal evidence: responses provided by clients officers, directors,owners, etc.; considered the least reliable form of evidence; GAAS requires
auditors obtain written representationwritten assertions provided by
management to auditors on matters such as the fairness of the f/s,availability of financial records and other data, and other specific financial
information
Sufficiency measures the quantity of audit evidence (the number of transactions or components
evaluated)
o Sufficiency is left to auditors professional judgment
o There is no official standard to how much evidence is needed, but sufficient evidencecan be
defined as enough evidence to stand the scrutiny of other auditors (supervisors/reviewers)
and outsiders (critics, judges, etc.)
Sufficiency and appropriateness of evidence is reflected in detection riskthe risk that the audit
teams substantive procedures will fail to detect a material misstatement
o
To lower detection risk, auditors must require higher quality evidence, gather morerelevant and reliable evidence (appropriateness), and evaluate a larger number of
transactions/components (sufficiency)
Thus detection risk is affected by both sufficiency and appropriateness
Fundamental Principle: Reporting
The final stage of an audit
Fundamental reporting principle states: Based on evaluation of evidence obtained, the auditor
expresses in the form of a written report, an opinion in accordance with the auditors findings, or
states that an opinion cant be expressed. The opinion states whether the financial statements are
presented fairly, in all material respects, in accordance with applicable financial reporting
framework The reporting principle requires the auditor to express an opinion on the entitys financial
statements (or indicate that an opinion can not be expressed)
In expressing the opinion, the auditor is required to assess the financial statements against an
applicable set of criteria (GAAP, IFRS, etc.) used to determine the measurement, recognition,
presentation, and disclosure of material items in the financial statements
Types of Audit Opinions:
o Unqualified:a clean opinion that makes no mention of auditing or accounting
deficiencies; F/S are fully in accordance to GAAP
8/10/2019 Audit_Chapter 2.docx
9/9
9
o